IPv6 Pain Experiment

Fri Oct 4 01:19:35 UTC 2019

> On 4 Oct 2019, at 10:35 am, Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp> wrote:
> 
> Doug Barton wrote:
> 
>> Not if you configure your services (like DNS) with static addresses,which as we've already discussed is not only possible, but easy.
> 
> That's your opinion. But, as Mark Andrews said:
> 
> > Actually you can do exactly the same thing for glue.
> 
> I show it not so easy.

For TSIG

% nsupdate
zone com
update del ns1.example.com a
update add ns1.example.com 3600 in a 1.2.3.4
key [hmac:]keyname secret
send
%

For SIG(0)

% nsupdate -k keyfile
zone com
update del ns1.example.com a
update add ns1.example.com 3600 in a 1.2.3.4
send
%

Please explain how https://datatracker.ietf.org/doc/draft-andrews-dnsop-update-parent-zones/
would not work.

Update messages are designed to be forwarded and that includes signed
UPDATE messages be they TSIG or SIG(0).  Named already forwards UPDATE
messages if your tell it to.

We already have UPDATE clients that lookup SRV records to send UPDATE
messages to dedicated servers.  You home router may contain one of them
today.  If you have a Mac it already includes such a client.  See
System Preferences/Sharing/Edit/Use Dynamic Global Hostname
which allows you to specify the TSIG key to update the DNS entries for
the Mac. That looks for a SRV record before falling back to the nameservers
for the zone.  Apple registered the SRV prefix a decade or so ago.

None of this is technically hard to do.  It’s bolting together existing stuff.
It just requires a willingness to deploy.  Ask for it and it will appear.
This isn’t a technical problem.  It is a political problem.

> > Please stop spreading FUD regarding this topic.
> 
> Automatic renumbering involving DNS was important design goal
> of IPv6 with reasons.
> 
> Lack of it is still a problem.
> 
> 							Masataka Ohta

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org